Heavy reads on Elasticsearch

A99 · December 3, 2017, 8:35am

Hi, I’m using Graylog 2.3.2 with ES 5.6.3 both on the same server (I’m running just one) on AWS/EC2 instance m4.2xlarge. This server has one 4TB st1 EBS volume attached for Elasticsearch data. My Graylog server receives logs from around 50 collector-sidecar agents, and a dashboard that has 10 more widgets (queries cached for from 300 sec. to 1 day).

Currently I see my server is choking Elasticsearch that it reads heavily ~ 100MB/s and no activities can do on Graylog’s web interface, though writes throughput is ~ 25 MB/s (my EBS volume is capped at 125MB/s). I can’t figure out what function that reads heavily like this. Can somebody point me what to look at and what could I do to improve my server’s perfomance.

jochen · December 3, 2017, 1:06pm

Just some ideas: Alerting, Dashboards, other users, unsecured Elasticsearch clusters…

You could activate the access log and check for other users in Graylog:
http://docs.graylog.org/en/2.3/pages/securing.html#logging-user-activity

A99 · December 3, 2017, 3:13pm

I only created one user, so maybe alerts and dashboard. I’m having 5 alerts conditions in which there are 2 unresolved, and it’s because misconfiguration and I can’t remove it.

system · December 17, 2017, 3:13pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Graylog outgoing traffic to ES increased by 2x in 5min Graylog Central (peer support)	2	782	October 18, 2019
Graylog CPU spiked to 500% and ES seems slow Graylog Central (peer support)	6	1263	March 18, 2019
Graylog 3.3.15 lags behing 4hours consistently Graylog Central (peer support)	2	180	February 8, 2023
Graylog not showing all logs from ES Graylog Central (peer support)	5	911	September 28, 2017
Graylog Processing Messages Super Slow Graylog Central (peer support)	3	3762	October 16, 2018

Heavy reads on Elasticsearch

Related Topics